General

Target: A3E02076203FB0A1C203265A9E9592F11FDC0D0E77A1D.exe
Size: 530KB
Sample: 220706-t79aeshbb4
MD5: 4bf2eedfff6695b5f3fea01022c77b46
SHA1: 6e08f77c366deb75ccc05c7e095132ca967d2dca
SHA256: a3e02076203fb0a1c203265a9e9592f11fdc0d0e77a1d4591ece152f913092fa
SHA512: d868367ef491593472eefe5009d5543b71f342406d4cc3a45c24e978a8c2112fe1da7a283918847dd7da4dfd5189d2559a9eebb6c7621ce9c4946513d3037c49
Static task: static1
Behavioral task: behavioral1
Sample: A3E02076203FB0A1C203265A9E9592F11FDC0D0E77A1D.exe
Resource: win7-20220414-en
Malware Config

Extracted
Family: redline
Botnet: Choi
C2: 192.99.175.89:49887
Targets

Target: A3E02076203FB0A1C203265A9E9592F11FDC0D0E77A1D.exe
Size: 530KB
MD5: 4bf2eedfff6695b5f3fea01022c77b46
SHA1: 6e08f77c366deb75ccc05c7e095132ca967d2dca
SHA256: a3e02076203fb0a1c203265a9e9592f11fdc0d0e77a1d4591ece152f913092fa
SHA512: d868367ef491593472eefe5009d5543b71f342406d4cc3a45c24e978a8c2112fe1da7a283918847dd7da4dfd5189d2559a9eebb6c7621ce9c4946513d3037c49
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext